Fix miscalculation of maximum TLS 1.3 HKDF label length
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 54742f3..5a6204e 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -75,6 +75,8 @@
* the HkdfLabel structure on success.
*/
+static const char tls1_3_label_prefix[6] = "tls13 ";
+
#define SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( label_len, context_len ) \
( 2 /* expansion length */ \
+ 1 /* label length */ \
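Review bot: The new file-scope `tls1_3_label_prefix[6]` is initialised from a six-character literal, so the array holds no terminating NUL, and nothing at the declaration says that this is intended. That is valid C and matches the wire format, but any later use through `strlen`, `strcpy` or a `%s` format would read past the array. I would add a comment above it such as `/* Exactly the 6 bytes "tls13 ", deliberately without a NUL terminator: always use sizeof, never string functions. */`. The hard-coded `6` also has to be kept in step with the literal by hand, which the comment should mention.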
@@ -84,6 +86,7 @@
#define SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN \
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( \
+ sizeof(tls1_3_label_prefix) + \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN, \
MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN )
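Review bot: Adding the prefix to the maximum makes it visible that the combined label length must still fit in the single length byte written in the last hunk (`total_label_len & 0xFF`), but nothing enforces this at build time. If `MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN` is ever raised, the mask would truncate the length silently and the encoded HkdfLabel would be malformed. A compile-time assertion on `sizeof(tls1_3_label_prefix) + MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN <= 255`, in whatever form the project uses, would pin the invariant next to the macro. The same applies to the context length if it is also encoded in one byte, which is not visible here.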
@@ -93,8 +96,8 @@
const unsigned char *ctx, size_t clen,
unsigned char *dst, size_t *dlen )
{
- const char label_prefix[6] = "tls13 ";
- size_t total_label_len = sizeof( label_prefix ) + llen;
+ size_t total_label_len =
+ sizeof(tls1_3_label_prefix) + llen;
size_t total_hkdf_lbl_len =
SSL_TLS1_3_KEY_SCHEDULE_HKDF_LABEL_LEN( total_label_len, clen );
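Review bot: Neither this hunk nor the last one checks `llen` and `clen` against their maxima before `total_label_len` and `total_hkdf_lbl_len` are computed and `memcpy( p, label, llen )` writes into `dst`. The function starts and ends outside the hunks, so such a check may exist in the lines not shown. If it does not, the corrected maximum only protects callers that already pass in-range lengths. I would guard the writes on `total_hkdf_lbl_len > SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN` and fail before touching `dst`. The function comment should also state that `dst` must provide at least `SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN` bytes.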
@@ -106,8 +109,8 @@
/* Add label incl. prefix */
*p++ = (unsigned char)( total_label_len & 0xFF );
- memcpy( p, label_prefix, sizeof(label_prefix) );
- p += sizeof(label_prefix);
+ memcpy( p, tls1_3_label_prefix, sizeof(tls1_3_label_prefix) );
+ p += sizeof(tls1_3_label_prefix);
memcpy( p, label, llen );
p += llen;